I've been dealing with IP blocklists using two other methods before email even reaches SA:

- In postfix my smtpd_recipient_restrictions includes "reject_rbl_client zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org" and I'm guessing potentially others could be added.
- IP/CIDR lists like the one you mention, but also lists like Stop Forum Spam (https://www.stopforumspam.com/) I cron fetch then add to an ipset with a DROP (which is quite similar to what others are suggesting).

I find that those are quite suitable.

Bert

On 10/11/2022 18:05, Grant Taylor via users wrote:
On 11/10/22 9:54 AM, Joey J wrote:
Hello All,

Hi,

I'm trying to see if there is a way to incorporate network ranges into SA to essentially flag messages.

N.B. at least one of the lists below is individual IPs and not networks / ranges of IPs.  --  I'm not sure how to square that peg with your wants / needs.

I know I can use iptables and reject it before getting to SA, but in some cases we would have legit email get flagged within these bigger blocks.

I would suggest investigating the other offerings from each vendor.  I suspect there is a good chance that many, if not all, of them offer a DNS based query method.

See Riccardo's comment about Spamhaus / Spamteq.

I'm trying to incorporate:
feeds.dshield.org/block.txt
spamhaus.org/drop/drop.lasso
ciarmy.com/list/ci-badguys.txt
openbl.org/lists/base.txt

Short of that, it wouldn't be hard to turn them into a locally hosted BL and then configure SpamAssassin to query it.
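
Added example, not part of the original thread: one way the cron-fetch-into-ipset approach described above could parse feeds that mix CIDR blocks, address ranges and single IPs, skipping bad lines and refusing over-broad prefixes. The set name `feed_block`, the `MIN_PREFIX` limit and the three line layouts handled are assumptions, and the sample feed is constructed.

```python
import ipaddress

MIN_PREFIX = 8  # assumption: never accept anything broader than a /8 from a feed
# Constructed sample covering three assumed layouts: "CIDR ; note",
# "start<TAB>end<TAB>prefix", and one address per line.
SAMPLE_FEED = """\
; constructed entries, not real listings
192.0.2.0/25 ; example-ref
192.0.2.128/25 ; example-ref
Start\tEnd\tNetmask
198.51.100.0\t198.51.100.255\t24
203.0.113.7   # trailing comment
0.0.0.0/0
not-an-ip
"""

def parse_line(tokens):
    """Turn one tokenised feed line into IPv4 networks (ValueError if invalid)."""
    first = tokens[0]
    if "/" in first:
        return [ipaddress.IPv4Network(first, strict=False)]
    start = ipaddress.IPv4Address(first)
    try:
        end = ipaddress.IPv4Address(tokens[1])
    except (IndexError, ValueError):
        return [ipaddress.IPv4Network(first)]  # single address -> /32
    return list(ipaddress.summarize_address_range(start, end))

def parse_feed(text):
    """Return collapsed networks; comments, headers and bad lines are skipped."""
    nets = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split(";", 1)[0].split()
        if not tokens:
            continue
        try:
            parsed = parse_line(tokens)
        except ValueError:
            continue  # header text, hostnames, reversed ranges, IPv6
        nets.extend(n for n in parsed if n.prefixlen >= MIN_PREFIX)
    return list(ipaddress.collapse_addresses(nets))

def ipset_restore(nets, name="feed_block"):
    """Build `ipset restore` input that refills a temp set, then swaps it in."""
    tmp = name + "_tmp"
    lines = [f"create {name} hash:net family inet -exist",
             f"create {tmp} hash:net family inet -exist", f"flush {tmp}"]
    lines += [f"add {tmp} {n}" for n in nets]
    return "\n".join(lines + [f"swap {tmp} {name}", f"destroy {tmp}"]) + "\n"
```

The string returned by `ipset_restore` is meant to be piped to `ipset restore` from the cron job; because the live set is replaced by a swap, the DROP rule that references it never sees an empty or half-loaded set.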



